Despite the success of the launch, there was one area in which Microsoft appeared falterWindows 10 Is Watching: Should You Be Worried?Windows 10 Is Watching: Should You Be Worried?Since its release, Windows 10 has been dogged by rumors concerning user privacy. Some of these are accurate, whereas others are myths. But where does Windows 10 stand on privacy, really?Read More: privacy. Windows 10 included mandatory and opt-out data collection for “product improvement and personalization” purposes. They further complicated the situation by being unclear about what data they were collecting and for what purpose, leading to claims that Windows 10 was a “privacy nightmare”.

With the advent of the Windows 10 Creator’s Update though, Microsoft seems to have decided that the time is right to be more transparent about their data gathering activities.

Once you were upgraded to Windows 10, Microsoft began gathering data on your use of your Windows computer and even linked that data to your Microsoft account. Although the use of an opt-out approach is generally frowned upon, Microsoft took it a step further by complicating the privacy options, and giving you little choice in the matter.

If these privacy changes had happened pre-2013, then there’s a good chance that they may have been overlooked. However, in that year Edward Snowden leaked documents from the NSA that laid bare the mass surveillance of U.S. citizens and internet users around the world.

The timing of the addition of mandatory data gathering, with little explanation, and only two years after the initial revelations was particularly problematic. This led many to aggressively question Microsoft’s data gathering, even going so far as to develop tools to disable Windows telemetry, or to suggest abandoning Windows all together for a more secure Linux-based OS.

Unfortunately Microsoft decided to stay silent on the matter which only made the fears appear more rational.

Fortunately, Microsoft has decided to remedy this potentially dangerous situation by finally granting Windows users clear and granular privacy settings in the Windows 10 Creator’s Update. To coincide with the update’s release, they also published an in-depth guide to the different areas of data collection on TechNet.

Defined Categories

In the Creator’s Update there has also been a simplification of data collection levels down to either Basic or Full. A companion TechNet post listed every point of data collected at the Basic level along with Technical Information.

In the TechNet post Microsoft broke down the Full level data collection into nine distinct categories:

Common Data

Device, Connectivity, and Configuration data

Product and Service Usage data

Product and Service Performance data

Software Setup and Inventory data

Content Consumption data

Browsing, Search and Query data

Inking, Typing, and Speech Utterance data

Licensing and Purchase data

Microsoft has so far only published descriptions and example data for each category at the Full collection level.

Common Data

For diagnostic events at either Basic or Full level, Microsoft collects a header of what they term “common data” which includes:

When searching locally on your device only metadata about the search is collected, presumably in order to make sure that search helps you find what you are looking for more efficiently. The good news about the browsing and online search history is that if you don’t want to be involved, you can just use another browser as it applies only to either internet Explorer or Edge.

The post makes it clear that any ink strokes that are converted to text are stripped of information that could reconstruct the content or associate it to a user. If collection of voice data outlined here seems oddly brief, that would be because the main voice input — Cortana — is governed by a separate data collection policy.

Content Consumption Data

After the Windows 10 launch, Microsoft appeared to stay purposefully silent on the matter of data collection. Then they entered the foray by publishing some interesting usage statistics over on their blog. Among all the data included was that there had been “over 82 billion photos viewed within the Windows 10 Photo app”. This did little to calm people’s worries.

In an effort to rectify this, the Content Consumption data type is explicit that it “includes diagnostic details about Microsoft applications that provide media consumption functionality (such as Groove Music), and is not intended to capture user viewing, listening or reading habits.”

Under the Content Consumption data type Microsoft isn’t tracking what you consume but rather how you consume it.

And the Rest

In addition to the more controversial categories of data collection, Microsoft also provided information on some of the less disputed categories.

Device, Connectivity, and Configuration Data

As the name suggests, this data type is all about the type of device you are using, how it connects to the internet, and how it is configured. The TechNet post gives a comprehensive list of the data collected, but the highlights are:

Product and Service Usage Data

The original purpose behind the CEIP was to “[help] Microsoft identify which Windows features to improve“. By tracking which features users spent most of their time with, or even which had the most problems, Microsoft was able to focus their efforts in useful ways. The Product and Service Usage category is an extension of that purpose.

Product and Service Performance Data

This category primarily covers information used for diagnostics and device health. When an app crashes or something unexpected happens, this is the data that may help get to the bottom of it.

There is a lot of data nested underneath Device performance and reliability which may make you feel uneasy. However, a closer look shows that very little being recorded is sensitive or personal information. Instead, it is nearly all related to the health of the hardware and software configuration of your device.

Software Setup and Inventory Data

While updating to Windows 10, some users noticed that Microsoft was removing apps that weren’t installed through the Windows Store. This led to several Reddit threads where the mood was best summed up by u/pcg79:

For the last few iterations of Windows, Microsoft would check your upgrade eligibility and would warn you of any potential issues before you went ahead. Instead, Windows 10 was making the decision for you to remove the potentially problematic apps. This fueled speculation that Microsoft was collecting data on which applications were installed on your computer.

Although the TechNet post does little to assuage those fears, Microsoft has at least admitted that they are tracking which applications you have installed on your computer.

Licensing and Purchase Data

In a world of online shopping and app stores, you perhaps already suspected that this information was being stored and collected. The data collected for Licensing and Purchasing allows Microsoft to verify that you are running a legitimate copy of Windows, as well as providing you with account information.

Purchase History — Product name, price, time of purchase, and payment method.

As outlined in the post, Microsoft has improved the information you see about the privacy settings throughout Windows, by including descriptions and “Learn More” buttons. The major improvement to the Windows 10 privacy settings though is during the Creator’s Update installation process.

While the majority of the data outlined in the TechNet post is specific to the device you are using, there are areas that overlap with your Microsoft account. This includes the use of Cortana as the personal assistant will store your preferences and interests. Microsoft recently launched a web-based privacy dashboard that allows you to view and remove data that has been collected and associated with your Microsoft account.

Are You Ready to Trust Microsoft Again?

With credit to Microsoft, they have listened to their users and made a concerted effort to be more transparent about data collection. They have provided more controls and options as to what data is stored and how it is used. This may have reassured you that Microsoft — despite their ties to the PRISM program — isn’t overreaching in their data collection.

However, it’s important to note that all the new privacy features are only available and relevant to Windows 10 Creator’s Update. Windows 7, 8, and “vanilla” 10 will not be receiving the same treatment or level of transparency.

Your email address will not be published. Required fields are marked *

Comment

Name *

Email *

Keith

April 25, 2017 at 10:50 pm

If think that if MS had 1) added a kill switch for all communication back home to the servers, listing. of course, the features than would thus not work if the switch was used and giving a true client based OS like the Enterprise version, and 2) put out security only updates separate to feature only updates: then they would have some credibility regarding their protection of your privacy. These are so easy for them to implement that the mere fact that they are not says a lot to their commitment to user privacy and security. They still are pipe-lined into the special version of Google Search provided by Google to the NSA - the one without ads and where they ask any information about any US resident and the Google Search engine goes to work and data mines the combined data collected by Google and Microsoft.

From Microsoft's descriptions most of the data that they request from ordinary users is about how their products are used and what state they are in. As the ability to store data has increased, so has the scope of what companies request. I personally have disabled telemetry - but I also don't believe that Microsoft collects it for malicious purposes. With regard to the NSA - Microsoft should have and could have put up more of a fight to protect their users - then again they - like all American companies - are at the mercy of Government bodies through the rule of law.

Most of the anti-spy tools operate by blocking connections to all Microsoft servers. This is how issues like these (http://www.askvg.com/fix-cant-open-bing-msn-outlook-or-other-microsoft-websites-in-windows-10/) were discovered. Additionally, ghacks did a roundup of the main anti-spy tools in 2015 where they found that the majority wouldn't explain any of the actions they take. This is a problem for most users as they would have no idea whether the actions taken were appropriate.

James is a MakeUseOf staff writer from London, UK with a BEng in Mechanical Engineering. Passionate about security and privacy. When not indulging in professional writing, he can be found writing about life in general at his blog. Interested in meditation, music, health, and self improvement.